Описание
The (1) get_edit_post_link and (2) get_edit_comment_link functions in wp-includes/link-template.php in WordPress before 2.6.1 do not force SSL communication in the intended situations, which might allow remote attackers to gain administrative access by sniffing the network for a cookie.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life, was deferred |
| devel | not-affected | 2.7.1-2ubuntu1 |
| feisty | ignored | end of life, was deferred |
| gutsy | ignored | end of life, was deferred |
| hardy | ignored | end of life, was deferred |
| intrepid | ignored | end of life, was deferred |
| jaunty | not-affected | 2.7.1-2ubuntu1 |
| karmic | not-affected | 2.7.1-2ubuntu1 |
| lucid | not-affected | 2.7.1-2ubuntu1 |
| maverick | not-affected | 2.7.1-2ubuntu1 |
Показывать по
Ссылки на источники
EPSS
7.5 High
CVSS2
Связанные уязвимости
The (1) get_edit_post_link and (2) get_edit_comment_link functions in wp-includes/link-template.php in WordPress before 2.6.1 do not force SSL communication in the intended situations, which might allow remote attackers to gain administrative access by sniffing the network for a cookie.
The (1) get_edit_post_link and (2) get_edit_comment_link functions in ...
The (1) get_edit_post_link and (2) get_edit_comment_link functions in wp-includes/link-template.php in WordPress before 2.6.1 do not force SSL communication in the intended situations, which might allow remote attackers to gain administrative access by sniffing the network for a cookie.
EPSS
7.5 High
CVSS2